IAP TCP error for Linux instance

Dear All

Currently I'm migrating my on-prem VMs to GCP. My on-prem server contains Linux and Windows VMs. I have created the test clone, and I am trying to connect to both servers using IAP. The problem is that when I try to access the Linux one, it gives an error about firewall rules to permit IAP-TCP. I have configured that, but it still happens. For the Windows one, I can remote in as usual.

When I check the serial console of the Linux instance, it shows an error on the metadata server.


 

Kindly advise on this matter.

 


It looks like your Linux VM has a problem with the network. You can connect as root to the serial console: https://cloud.google.com/knowledge/kb/login-to-google-compute-engine-linux-vm-instance-as-root-over-... and check what's wrong. One of the standard problems after migration is an old MAC address; you can check the NIC configuration files and /etc/udev/rules.d/
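The MAC check suggested in the reply above can be scripted. The following is an added example, not part of the original post: it lists NIC configuration entries that are still pinned to a MAC address other than the one the VM has now. The ifcfg path (RHEL-style), the function names and all sample values are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumed locations of pinned MACs:
#   udev rules : /etc/udev/rules.d/*.rules            ATTR{address}=="..."
#   RHEL ifcfg : /etc/sysconfig/network-scripts/ifcfg-*   HWADDR=...

# Print "file: mac" for every pinned MAC under ROOT that differs from CURRENT_MAC.
# Use ROOT="" on the live system (e.g. from the serial console as root).
find_stale_macs() {
  local root="$1" current f mac
  current=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  for f in "$root"/etc/udev/rules.d/*.rules \
           "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
    [ -f "$f" ] || continue            # unmatched glob or missing directory
    grep -Eio '(ATTR\{address\}=="?|HWADDR="?)([0-9a-f]{2}:){5}[0-9a-f]{2}' "$f" |
      grep -Eio '([0-9a-f]{2}:){5}[0-9a-f]{2}' | tr 'A-F' 'a-f' | sort -u |
      while read -r mac; do
        [ "$mac" = "$current" ] || printf '%s: %s\n' "${f#"$root"}" "$mac"
      done
  done
  return 0
}

# Build a constructed sample tree that mimics a VM cloned from another hypervisor.
make_sample_root() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/etc/udev/rules.d" "$root/etc/sysconfig/network-scripts"
  printf '%s\n' \
    'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:50:56:aa:bb:cc", NAME="eth0"' \
    > "$root/etc/udev/rules.d/70-persistent-net.rules"
  printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nHWADDR=00:50:56:AA:BB:CC\n' \
    > "$root/etc/sysconfig/network-scripts/ifcfg-eth0"
  printf '%s\n' "$root"
}

# Demo on the constructed tree; 42:01:0a:80:00:02 is a constructed "new" MAC.
if [ "${1:-}" = "--demo" ]; then
  sample=$(make_sample_root)
  find_stale_macs "$sample" "42:01:0a:80:00:02"
  rm -rf "$sample"
fi
```

On the migrated VM, call `find_stale_macs "" "$(cat /sys/class/net/eth0/address)"`, where `eth0` is an assumed interface name; any line printed points at a file that still binds the NIC to the old address.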

Hi Andrew

I have connected to the instance using the serial console, but only for a few hours; after that the metadata error appears. I also have a screenshot of a new error regarding this. Have you encountered this issue?


Hi,

As you see, the DHCP client can't get the right IP and as a result, your instance can't connect to the network. In GCE VM this function is configured by google-guest-agent.service - I think you now install it on the migrated server or it not work properly. Here https://cloud.google.com/compute/docs/images/install-guest-environment you can find some instructions.

Hello @lompat31,

Welcome to Google Cloud Community!

Your VM must accept connections from addresses in the 35.235.240.0/20 range if you are using IAP for TCP. This range contains all IP addresses that IAP is using for TCP forwarding.

To do this, see Create a firewall rule

Hi Willbin,

I have configured the IAP firewall rule. Instances created within GCP have no issue connecting, but the instance migrated from on-prem is not able to connect.